package projectmanagement.web;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import projectmanagement.model.Person;
import projectmanagement.model.Task;
import projectmanagement.util.ApplicationSecurityManager;
import projectmanager.model.dao.TaskDao;

/**
 * Intercepts HTTP requests to ensure user is signed in; it also closes the
 * Hibernate session for the current thread.
 * 
 * @author anil
 */
public class HttpRequestInterceptor extends HandlerInterceptorAdapter {
	private String signInPage;
	private String unauthorisedPage;
	private List<String> authorisationExceptions;
	private TaskDao taskManager;
	private ApplicationSecurityManager applicationSecurityManager;

	/**
	 * Uses ApplicationSecurityManager to ensure user is logged in; if not, then
	 * user is forwarded to the sign-in page.
	 * 
	 * @see ApplicationSecurityManager
	 */
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {
		Person person = (Person) applicationSecurityManager.getPerson(request);
				
		if (person == null) {
			response.sendRedirect(this.signInPage);
			return false;
		}else if (!person.getIsManager()) {
			String uri = request.getRequestURI();
			String action = request.getParameter("action");
			String id = request.getParameter("id");
			
			for(int i = 0; i < this.authorisationExceptions.size(); i++){
				if (uri.indexOf(authorisationExceptions.get(i)) > 0){
					if ((action == null || "edit".equals(action)) && checkTaskAssignee(person.getId(), id)){
						return true;
					}
				}
			}
			
			response.sendRedirect(this.unauthorisedPage);
			return false;
		}

		return true;
	}

	public String getSignInPage() {
		return signInPage;
	}

	public void setSignInPage(String signInPage) {
		this.signInPage = signInPage;
	}
	

	public String getUnauthorisedPage() {
		return unauthorisedPage;
	}

	public void setUnauthorisedPage(String unauthorisedPage) {
		this.unauthorisedPage = unauthorisedPage;
	}

	public List<String> getAuthorisationExceptions() {
		return authorisationExceptions;
	}

	public void setAuthorisationExceptions(List<String> authorisationExceptions) {
		this.authorisationExceptions = authorisationExceptions;
	}

	public TaskDao getTaskManager() {
		return taskManager;
	}

	public void setTaskManager(TaskDao taskManager) {
		this.taskManager = taskManager;
	}

	public ApplicationSecurityManager getApplicationSecurityManager() {
		return applicationSecurityManager;
	}

	public void setApplicationSecurityManager(
			ApplicationSecurityManager applicationSecurityManager) {
		this.applicationSecurityManager = applicationSecurityManager;
	}
	
	private boolean checkTaskAssignee(int assignee, String taskId){
		if (taskId != null){
			int id = Integer.parseInt(taskId);
			
			Task task = taskManager.getTaskById(id);
			if (assignee != task.getAssignee().getId()){
				return false;
			}
		}
		
		return true;
	}
}
